BadBunny Virus for OpenOffice.org? Nope, just BadCode

Yesterday the news of a supposed StarBasic (the scripting macro language inside OpenOffice.org and StarOffice) broke, with the press trumpeting the news that a virus had been discovered that put OpenOffice.org users at risk. The ArsTechnica article (an example of the slightly alarmist press coverage) concluded that OpenOffice was as vulnerable as any other Office suite. The OpenOffice.org team released a statement that firmly assigns this situation to the oddity/curiosity/publicity stunt category.

Several customers have asked me if this is indeed an issue, and while we at Novell take security very seriously, this seems to be simply an attempt at gaining some notoriety, rather than an actual threat to OpenOffice.org users. In fact the authors of the supposed virus actually didn’t let the OpenOffice.org team know about it until after they send the virus code to the Sophos.com security team, a move considered extremely rude in security circles, the defending team needs to be told first in order to react properly and in a timely manner.

You can be certain that we are watching this situation, and as the 2nd most active contributor to OpenOffice.org next to Sun, we have engineers who understand the situation and any necessary actions will be pursued with alacrity.

If you have further questions about this, either leave a comment or email one of us, we’re listed on the contact page, or just click on my name below.